Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Add VPC Connectivity SASL Scram and IAM #129

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
PlexusLoganPope wants to merge 8 commits into cloudposse:main
base: main
Choose a base branch
Loading
from PlexusLoganPope:vpc-connectivity

Conversation

@PlexusLoganPope
Copy link

@PlexusLoganPope PlexusLoganPope commented Oct 8, 2024
edited
Loading

what

  • Added support for VPC connectivity client authentication using SASL/IAM and SASL/SCRAM.
  • Updated resource configuration to include the necessary properties for enabling VPC connectivity client authentication IAM and SCRAM.
  • Added variables to configure VPC connectivity client authentication IAM and SCRAM.
  • Updated module documentation to include the new VPC connectivity client authentication configuration options.

why

  • This module does not currently support configuration VPC connectivity for private link functionality.
  • This enhancement provides ability to configure VPC connectivity and enables the usage of private link.

references

jordanjennings and andreasbolstad reacted with thumbs up emoji rowi1de reacted with rocket emoji
Copy link

mergify bot commented Oct 14, 2024

Important

Cloud Posse Engineering Team Review Required

This pull request modifies files that require Cloud Posse's review. Please be patient, and a core maintainer will review your changes.

To expedite this process, reach out to us on Slack in the #pr-reviews channel.
rowi1de reacted with thumbs up emoji

@mergify mergify bot added the needs-cloudposse Needs Cloud Posse assistance label Oct 14, 2024
Copy link

/terratest
github-actions[bot] reacted with thumbs up emoji rowi1de reacted with heart emoji

Copy link
Member

@Benbentwo Benbentwo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar to #136 my only fears are if the block does not work when no value is supplied.

We also need to get tests working.

Comment on lines +155 to +162
vpc_connectivity {
client_authentication {
sasl {
iam = var.vpc_connectivity_client_authentication_sasl_iam_enabled
scram = var.vpc_connectivity_client_authentication_sasl_scram_enabled
}
}
}
Copy link
Member

@Benbentwo Benbentwo Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
vpc_connectivity {
client_authentication {
sasl {
iam = var.vpc_connectivity_client_authentication_sasl_iam_enabled
scram = var.vpc_connectivity_client_authentication_sasl_scram_enabled
}
}
}
dynamic "vpc_connectivity" {
for_each = var.vpc_connectivity == null ? [] : [var.vpc_connectivity]
content {
client_authentication {
dynamic "sasl" {
for_each = (
try(vpc_connectivity.value.sasl_iam_enabled, null) != null ||
try(vpc_connectivity.value.sasl_scram_enabled, null) != null
) ? [1] : []
content {
iam = try(vpc_connectivity.value.sasl_iam_enabled, null)
scram = try(vpc_connectivity.value.sasl_scram_enabled, null)
}
}
}
}
}

Comment on lines +251 to +263
variable "vpc_connectivity_client_authentication_sasl_iam_enabled" {
type = bool
default = false
description = "Enables SASL/IAM authentication for VPC connectivity"
nullable = false
}

variable "vpc_connectivity_client_authentication_sasl_scram_enabled" {
type = bool
default = false
description = "Enables SASL/SCRAM authentication for VPC connectivity."
nullable = false
}
Copy link
Member

@Benbentwo Benbentwo Sep 5, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
variable "vpc_connectivity_client_authentication_sasl_iam_enabled" {
type = bool
default = false
description = "Enables SASL/IAM authentication for VPC connectivity"
nullable = false
}
variable "vpc_connectivity_client_authentication_sasl_scram_enabled" {
type = bool
default = false
description = "Enables SASL/SCRAM authentication for VPC connectivity."
nullable = false
}
variable "vpc_connectivity" {
description = <<-EOT
Optional VPC connectivity settings. Set to null to omit the entire `vpc_connectivity` block.
Provide booleans for SASL IAM and/or SCRAM.
Example:
vpc_connectivity = {
sasl_iam_enabled = true
sasl_scram_enabled = true
}
EOT
type = object({
sasl_iam_enabled = optional(bool)
sasl_scram_enabled = optional(bool)
})
default = null
nullable = true
validation {
condition = var.vpc_connectivity == null
|| try(var.vpc_connectivity.sasl_iam_enabled, false)
|| try(var.vpc_connectivity.sasl_scram_enabled, false)
error_message = "When vpc_connectivity is set, enable at least one of sasl_iam_enabled or sasl_scram_enabled."
}
}

Copy link
Member

/terratest
github-actions[bot] reacted with thumbs up emoji

Copy link

mergify bot commented Oct 5, 2025

💥 This pull request now has conflicts. Could you fix it @PlexusLoganPope? 🙏

@mergify mergify bot added the conflict This PR has conflicts label Oct 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Benbentwo Benbentwo Benbentwo requested changes

@jamengual jamengual Awaiting requested review from jamengual jamengual is a code owner automatically assigned from cloudposse/contributors

@joe-niland joe-niland Awaiting requested review from joe-niland joe-niland is a code owner automatically assigned from cloudposse/contributors

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

conflict This PR has conflicts needs-cloudposse Needs Cloud Posse assistance triage Needs triage

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

AltStyle によって変換されたページ (->オリジナル) /